Experts Reaction On Top Websites Provide Attackers with Access to Customer Data

It has been reported that analysis of the Alexa top 1000 websites revealed a lack of security controls to prevent customer data theft. The main threat vectors, Magecart attacks, formjacking, cross-site scripting, and credit card skimming, aim to exploit the vulnerable JavaScript integrations running on 99% of the world’s top websites.

EXPERTS COMMENTS
Paul Bischoff, Privacy Advocate, Comparitech
July 15, 2020
I don't think JavaScript is inherently insecure, but it can be used for malicious purposes such as drive-by downloads.
The fact that sites are pulling in assets from third parties that they might not have vetted is a bigger concern than whether or not they use JavaScript. Those vendors can be used to display ads, track analytics, improve website functionality, and use third-party website plugins. I think it's often the case that website operators don't even consider whether some integration uses JavaScript or not. ....
Hank Schless, Senior Manager, Security Solutions, Lookout
July 15, 2020
Balancing security and end-user experience has always been tricky.
Opening your platforms to such a large number of third parties will, of course, introduce more risk to your organization – especially in the context of privacy laws like GDPR from the European Union and CCPA out of California. With privacy being the main focus these days, security teams need to properly evaluate the security posture of any third-party integrator before giving them access to custome ....
Javvad Malik, Security Awareness Advocate, KnowBe4
July 15, 2020
Organisations should consider putting in place tools and procedures that can help them identify and fix any security issues that may be present.
Unfortunately, these findings do not come as much of a surprise, with some estimates suggesting up to 90 percent of an application can consist of third-party components, many of which are open-source. This is not an issue that can be fixed easily or quickly without an overhaul in the way applications are developed wholesale. Back in 2016, we saw how one programmer briefly broke the internet by del ....
Chris Hauk, Consumer Privacy Champion, Pixel Privacy
July 15, 2020
Browsers and websites were not originally developed with security in mind.
Businesses need to better monitor the code they use, especially that provided by third-party vendors. While using ready-made packages is convenient, it leaves companies and their customers open to being victimised by any security flaws present in the third-party code. JavaScript has a number of security vulnerabilities including Cross-Site Scripting, Server-side JavaScript injection, Cross-Site Re ....

